I'm trying to monitor the functioning of an older app. There might be many instances of this app, but the only one I care about runs in a specific user context - all of the others will be running in the localsystem context, and do not reliably indicate whether the app is healthy. If there are no instances of the app running in this specific user context, we must be alerted so that we can correct the problem.
I've been able to run a manual WMIC query (wmic /node:computer1 /user:"firstname.lastname@example.org" process where name="foo.exe" call getowner) to list the process with that name and their respective owners, but am not seeing how to narrow down the output to determine if the particular foo.exe is being run by user baz.
We've go PRTG 220.127.116.1110+ running on Win 2008 R2. I've upgraded powershell on it to v4, if that's any help.
Any help in configuring this would be much appreciated.